In various contexts, it is desirable to prove that a computer system is configured as intended either presently or at some point in the past. In regulated industries, the regulatory body may require that the computer system is configured according to an approved configuration. For example, in the pharmaceutical industry, the United States Food and Drug Administration (FDA) requires that computer systems that provide various functions (e.g., collection of medical test data) meet certain configuration requirements.
There are existing processes for proving system configuration that rely on providing a paper trail. However, they require a great deal of time and effort on behalf of the entity that controls the system, which in turn represents significant costs associated with compliance with the regulatory requirements. Furthermore, these processes inherently rely on the trustworthiness of the person or people generating and storing the paperwork. Paperwork may be falsified, modified, or back-dated to create an audit trail that appears to prove a system was configured correctly at a given time when in fact it was not. Thus, a reliable automated or semi-automated process for proving system configuration could provide value to companies and individuals, particularly in heavily regulated industries.